From bd35a70017b35a4ce2ad13f3f99a0cc651e91002 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <Tod_Beardsley@rapid7.com>
Date: Thu, 25 Feb 2010 21:35:55 +0000
Subject: [PATCH] Wrapping up the whole timeout sequence in a timeout to avoid
 getting stuck.

git-svn-id: file:///home/svn/framework3/trunk@8643 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/auxiliary/scanner/telnet/telnet_login.rb | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/modules/auxiliary/scanner/telnet/telnet_login.rb b/modules/auxiliary/scanner/telnet/telnet_login.rb
index 7ef2505ea7..0661e5c835 100644
--- a/modules/auxiliary/scanner/telnet/telnet_login.rb
+++ b/modules/auxiliary/scanner/telnet/telnet_login.rb
@@ -50,6 +50,11 @@ class Metasploit3 < Msf::Auxiliary
 				OptBool.new('VERBOSE', [ true, 'Verbose output', false])
 			], Msf::Exploit::Remote::Telnet
 		)
+		register_advanced_options(
+			[
+				OptInt.new('TIMEOUT', [ true, 'Default timeout for telnet connections. The greatest value of TelnetTimeout, TelnetBannerTimeout, or this option will be used as an overall timeout.', 0])
+			], self.class
+		)
 
 		@no_pass_prompt = []
 	end
@@ -58,14 +63,21 @@ class Metasploit3 < Msf::Auxiliary
 	attr_accessor :password_only
 
 	def run_host(ip)
+		overall_timeout ||= [
+			datastore['TIMEOUT'].to_i,
+			datastore['TelnetBannerTimeout'].to_i,
+			datastore['TelnetTimeout'].to_i
+		].sort.last
 
 		self.password_only = []
 
 		begin
 			each_user_pass do |user, pass|
-				try_user_pass(user, pass)
+				Timeout.timeout(overall_timeout) do
+					try_user_pass(user, pass)
+				end
 			end
-		rescue ::Rex::ConnectionError, ::EOFError
+		rescue ::Rex::ConnectionError, ::EOFError, ::Timeout::Error
 			return
 		end
 	end